The WordPress plugin “Crawlomatic Multipage Scraper Post Generator” was updated on Friday to patch a critical vulnerability that could lead to remote code execution (RCE).The flaw, tracked as CVE-2025-4369, has a CVSS score of 9.8 and affects all versions of Crawlomatic prior to version 2.6.8.2.Crawlomatic is a plugin by CodeRevolution that automatically scrapes websites for … Read more
May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging … Read more
No one can deny that SEO is essential for driving website traffic and boosting visibility online. While keywords and content often take center stage, your site’s technical setup—such as WordPress permalink settings—can significantly impact your rankings. This guide provides step-by-step instructions for setting up the correct WordPress permalink settings, helping you make informed decisions whether … Read more
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of … Read more
WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers. All this and more is discussed in the latest edition of the “Smashing Security” podcast by … Read more